Actually end the connection when request checks fail
This commit is contained in:
parent
7ac8e91cc2
commit
cf9678d712
3 changed files with 26 additions and 23 deletions
|
@ -17,14 +17,17 @@ func EnvironmentSensor(
|
|||
resp *types.EnvironmentSensor,
|
||||
) func(http.ResponseWriter, *http.Request) {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
body := string(updateEndpointValidator(authDB, validCredentials, w, r))
|
||||
body, err := updateEndpointValidator(authDB, validCredentials, w, r)
|
||||
if err != nil {
|
||||
log.Println(err)
|
||||
return
|
||||
}
|
||||
|
||||
// Parse request body
|
||||
newState, err := strconv.ParseFloat(body, 64)
|
||||
newState, err := strconv.ParseFloat(string(body), 64)
|
||||
if err != nil || math.IsInf(newState, 0) {
|
||||
log.Println("Failed to parse request body from", r.RemoteAddr, "body:", body)
|
||||
w.WriteHeader(http.StatusBadRequest)
|
||||
_, _ = io.WriteString(w, "HTTP request body has to be a valid float64 value != +/-Inf")
|
||||
log.Println("Failed to parse request body from", r.RemoteAddr, "with error:", err)
|
||||
http.Error(w, "HTTP request body has to be a valid float64 value != +/-Inf", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
|
|
|
@ -16,14 +16,17 @@ func StateOpen(
|
|||
resp *types.SpaceState,
|
||||
) func(http.ResponseWriter, *http.Request) {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
body := string(updateEndpointValidator(authDB, validCredentials, w, r))
|
||||
body, err := updateEndpointValidator(authDB, validCredentials, w, r)
|
||||
if err != nil {
|
||||
log.Println(err)
|
||||
return
|
||||
}
|
||||
|
||||
// Parse request body
|
||||
newState, err := strconv.ParseBool(body)
|
||||
newState, err := strconv.ParseBool(string(body))
|
||||
if err != nil {
|
||||
log.Println("Failed to parse request body from", r.RemoteAddr, "body:", body)
|
||||
w.WriteHeader(http.StatusBadRequest)
|
||||
_, _ = io.WriteString(w, "HTTP request body should either be true or false")
|
||||
log.Println("Failed to parse request body from", r.RemoteAddr, "with error:", err)
|
||||
http.Error(w, "HTTP request body should either be true or false", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
|
|
|
@ -1,8 +1,9 @@
|
|||
package handlers
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"log"
|
||||
"net/http"
|
||||
|
||||
"gitlab.hamburg.ccc.de/ccchh/spaceapid/config"
|
||||
|
@ -14,32 +15,28 @@ import (
|
|||
func updateEndpointValidator(
|
||||
authDB config.HTTPBACredentials, validCredentials []config.HTTPBACredentialID,
|
||||
w http.ResponseWriter, r *http.Request,
|
||||
) (body []byte) {
|
||||
) ([]byte, error) {
|
||||
// Check BasicAuth credentials
|
||||
username, password, ok := r.BasicAuth()
|
||||
if !ok || !util.CheckCredentials(authDB, validCredentials, username, password) {
|
||||
log.Println("Unauthorized request from", r.RemoteAddr, "Username:", username, "Password:", password)
|
||||
w.Header().Set("WWW-Authenticate", "Basic realm=\"space-api\"")
|
||||
w.WriteHeader(http.StatusUnauthorized)
|
||||
return
|
||||
http.Error(w, "", http.StatusUnauthorized)
|
||||
return []byte{}, errors.New(fmt.Sprintf("Unauthorized request from %s Username: %s Password: %s", r.RemoteAddr, username, password))
|
||||
}
|
||||
|
||||
// Check if PUT method
|
||||
if r.Method != http.MethodPut {
|
||||
log.Println("Wrong Method: ", r.Method, "from", r.RemoteAddr, "at", r.RequestURI)
|
||||
w.Header().Set("Allow", http.MethodPut)
|
||||
w.WriteHeader(http.StatusMethodNotAllowed)
|
||||
return
|
||||
http.Error(w, "", http.StatusMethodNotAllowed)
|
||||
return []byte{}, errors.New(fmt.Sprintf("Wrong Method: %s from %s at %s", r.Method, r.RemoteAddr, r.RequestURI))
|
||||
}
|
||||
|
||||
// Read request body
|
||||
body, err := io.ReadAll(r.Body)
|
||||
if err != nil {
|
||||
log.Println("Failed to read request body from", r.RemoteAddr)
|
||||
w.WriteHeader(http.StatusInternalServerError)
|
||||
_, _ = io.WriteString(w, "Failed reading HTTP request body")
|
||||
return
|
||||
http.Error(w, "", http.StatusInternalServerError)
|
||||
return []byte{}, errors.New(fmt.Sprintf("Failed to read request body from %s with error: %s", r.RemoteAddr, err))
|
||||
}
|
||||
|
||||
return body
|
||||
return body, nil
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue